Can you say with certainty that your company could survive major data loss? Do you know how much downtime your business could endure? Are you confident that your organization is in compliance with government regulations and laws for business continuity and data recovery (BCDR)? If the answer to any of those questions is no, then it’s probably time to reach out to an experienced business continuity consultant.
Hiring a consultant is a smart move for companies that are new to continuity planning or that are reevaluating their existing strategies. However, with such a variety of advisors available, it’s important to compare your options carefully and find the right fit for your business’s needs. In this post, we’ll explore why, when, and how your company can go about engaging with a business continuity consultant.
A Business Continuity Consultant Helps You Plan for Disaster
Every business faces a disaster at some point, whether it’s a technology failure, weather event, or malware. Companies are regularly bombarded with disaster scenarios now more than ever, especially with cybersecurity threats like ransomware on the rise.
Your plans for such disasters will ultimately determine how vulnerable your company is and how quickly it can bounce back. According to the Federal Emergency Management Agency (FEMA), roughly one in four businesses never recover following a major disaster. As FEMA acknowledges, many of these closures could be prevented if organizations implemented the right planning.
The problem lies in the complexity of business continuity. A lot of factors play into a company’s ability to thwart—and recover from—a critical event. Business continuity consultants can make planning easier by providing insight into the company’s unique disaster-planning needs. They can also help to implement the right safeguards, such as:
- Technology
- Recovery procedures
- Testing protocols
- Employee training
These factors will contribute to your company’s long-term resiliency.
A Consultant Has Answers for Your Toughest BCDR Questions
Depending on their specialty, a consultancy will help identify your company’s vulnerabilities and create an action plan that reduces risk and speeds up your recovery time. Business continuity consultants can also help provide the answers to your questions about disaster preparedness.
What Goes in a Business Continuity Plan (BCP)?
Some consultants can explain in detail what a BCP is and why you need one. Many will also help you write your BCP. This establishes a strong foundation for your continuity planning and ensures that you have a single comprehensive document that outlines your company’s readiness for a disaster.
What is the Business Continuity Management (BCM) Lifecycle?
The BCM lifecycle outlines the process that a consultant will follow to ensure that your plan is comprehensive, responds to your unique business issues, and has mechanisms to remain relevant, even as your business changes and new technologies and threats enter the market. These are the steps in the process:
- Step 1 – Identify: Risk Assessment
- Step 2 – Analyze: Business Impact Analysis
- Step 3 – Create: Strategy and Plan Development
- Step 4 – Measure: Test, Train, Maintain
The purpose of this methodology is to leave no stone unturned in identifying risks. It’s also a vital part of gaining stakeholder agreement on response mechanisms so that, when a disaster does occur, your company can respond in a coordinated and determined manner.
How Do We Perform a Risk Assessment?
A risk assessment is one of the most critical components of BC planning. It identifies the company’s unique risks, prioritized by likelihood. A good consultant can help uncover serious risks that your in-house teams may have overlooked.
How Do We Perform a Business Impact Analysis?
A business impact analysis is an extension of a risk assessment report. It tries to predict how each disaster risk will impact your business in different ways, including:
- Downtime
- Revenue loss
- Costs of idle workers
- Recovery expenses
- Impact on future revenue
- Effects on brand perception and company reputation resulting from a loss of customer trust
An expert can help you perform this critical analysis to determine the true impact of each disaster and which continuity gaps need to be filled.
What Is Our RTO or RPO?
A recovery time objective (RTO) is the amount of acceptable downtime that a business system or service can experience before the consequences become disastrous. Similarly, a recovery point objective (RPO) is the acceptable maximum duration of data loss after a backup restore.
Both figures typically require a series of calculations and the coordination of different departments within your company. An experienced consultant can help you determine these projections, which, along with the findings from the business impact analysis, will be used in the Strategy and Plan Development phase of the BCM lifecycle. They will allow you to develop failsafe policies that enable your business to respond to disasters.
Which Technologies Are Imperative for Continuity?
With so much technology available on the market, it can be difficult to know what you really need. A continuity consultant has a broad understanding of which technologies to consider, including:
- Data backups
- Cloud storage
- Virus and malware software
- DDoS protection
- Redundant communications lines
A well-informed advisor will assist you not only in determining what types of technology are most important but also in weeding through the numerous options available in each of these areas.
What Else Do We Need to Know?
Sometimes the most important questions are the ones you didn’t realize you needed to ask. A consultant can identify the numerous other solutions and procedural steps you may not be thinking about, including:
- Training programs
- Secondary business locations
- Medical response planning
- Legal and regulatory compliance
- Emergency contact lists
- Calling trees
If you’re just getting started on your BCP, or you’re not confident in your existing recovery planning, then it’s probably a good idea to speak to a consultant who specializes in business continuity.
Is My Company Ready to Hire a Business Continuity Consultant?
Business continuity consultants sometimes receive requests for proposals from companies that haven’t done the necessary internal work to produce successful outcomes. Both the consultant selection process and program implementation require upfront preparation. Given the significant financial and personnel investment that your company will make in a BCDR program, designating key roles and responsibilities from the beginning will pay dividends in your contract negotiations and plan deployment.
Appoint a Subject-Matter Expert
The first step to a successful relationship with a business consultant is appointing a member of your team to serve as the primary point of contact. This person, typically a program manager, will take the lead in defining your company’s requirements, communicating those needs to consultants competing for your business, and evaluating the proposals you receive.
Consultants often report that one of the early sources of friction in a relationship occurs when they deliver a proposal based on a poorly conceived set of requirements. When this occurs, disappointment over the disconnect turns into a lot of finger-pointing, establishing a negative tone during the earliest stages of the relationship. Furthermore, as time passes, the point person must have sufficient depth of knowledge to judge whether the consultant’s analysis and recommendations match the needs of the business.
To ensure that your subject-matter expert is properly prepared to work with a consultant, you can assess whether there are any gaps in their knowledge and skills. If you discover deficiencies, there are abundant paid and free resources available that offer education, document templates, and tools, including:
Making this assessment and initiating necessary training prior to partnering with a consultant helps establish a more positive and productive relationship for the future.
Name an Executive Sponsor
To complement the operational lead, it’s also important to name an executive sponsor who provides corporate leadership. This person should have sufficient clout to achieve essential goals, particularly:
- Advocating for necessary funding
- Motivating cross-departmental cooperation during the analysis phases
- Mobilizing the company when a disaster strikes
Visibility during a crisis is crucial, so you need a personality capable of stepping into this high-pressure role.
Types of Business Continuity Consultants
There are many kinds of business continuity consultants, and it’s vital that you determine which is the best fit for your organization. Some of the most common types of consultants include:
- Technology providers
- Software providers
- Continuity plan writers
- Emergency preparedness agencies
- Financial firms
Some consultants specialize in one area, while others offer a 360-degree approach. Likewise, you may have the opportunity to work with a consultancy that’s a one-person firm or a larger organization with dozens of employees on staff.
Evaluate your options carefully to ensure you’re choosing the appropriate type of service for your company. For example, if you’re already confident in your continuity planning, but you need to upgrade your data protection systems, it would be logical to focus your search specifically on technology providers.
What to Look for in Business Continuity Consultants
Regardless of what type of expert you’re searching for, it’s always critical to make sure you’re dealing with a professional who can help you achieve your company’s specific BCDR objectives. There are a few things to look for to determine whether the consultant is a good match for your business.
Experience
Experience is one of the most important factors affecting the quality of service and guidance you receive, so you should always look into a consultant’s background. A lack of experience could result in costly mistakes in your BCDR deployments, and you’ll realize it at the worst possible time: when disaster strikes. Stick with professionals who have an extensive track record that includes:
- Years in business
- Number of previous clients
- Number of current active clients
A potential consultant who is unable or unwilling to share this information is most likely lacking in experience.
Client Similarity
Extensive experience doesn’t necessarily translate to a good working relationship. Look for advisors whose clients look similar to your own company in terms of the following factors:
- Industry
- Company size
- IT infrastructure
- Continuity objectives
Some consultants have experience only in a single industry. If it’s not yours, then you may need to keep looking.
Knowledge
Business continuity is constantly evolving. New technologies can provide better protection against disasters and virtually eliminate downtime. Your consultants could have a lot of experience, but if they’re recommending outdated systems, then you’re leaving your company at risk. Research the implementations and practices that they suggest and make sure their advice is current before you put it into practice.
Intestinal Fortitude
While you’re looking for a cooperative working relationship with your consultant, you also want to select a person who has enough backbone to take a stand and challenge existing ways of thinking about your businesses. One way to test their mettle is to ask them to speak about how they have previously dealt with resistance to their planning recommendations. A consultant’s strong resolve will also be an important factor in gaining employee cooperation during each step of the BCM lifecycle and during presentations to management to obtain corporate buy-in to plan adoption.
Client Responses
Treat your prospective consultant with the same evaluation standards as you would a technology investment or a job applicant. While online reviews aren’t always reliable, they’re a great place to begin. When possible, reach out to clients who have left reviews and ask them specific questions.
In addition, ask the prospective consultant if they’re willing to provide referrals that you can contact directly. If they’re willing to share this information, consider these points as you evaluate the responses you receive:
- Whether expectations were met or exceeded
- Unexpected obstacles that occurred
- How well the consultant’s implementations and processes held up during a real disaster situation
Keep in mind that a single negative client review may not be indicative of the consultant’s skills. It’s best to seek responses from several different clients to get a broader picture.
Initial Customer Service
You can learn a lot about a consultant during the first few weeks when you’re evaluating their services. For example, if you’re constantly reaching their voicemail and not receiving timely responses, that’s a valid cause for concern. Ask yourself these questions:
- How responsive are they to your phone calls and emails?
- How willing are they to visit your company in person?
- How thoroughly are they answering your questions, and do you feel rushed?
- Are you dealing directly with the consultant or an assistant?
A lack of good customer service at this stage is a strong indicator of what the relationship will look like moving forward.
Executive Presence
It’s important to have confidence in the consultant’s ability to interact effectively with your executive team. This factor comes into play in the consultant’s role as a mentor to your executives on the art of crisis leadership.
Successful consultants are able to educate executives on strategies and tactics for decision-making and communicating when the company is in the midst of a disaster. In a chaotic situation, strong leadership will inspire each member of the team to step up and fulfill their assigned roles. It also plays a pivotal role in re-motivating the organization once the crisis has passed.
Certification
Certification isn’t critical or required for a BC consultant, but it can show that they have made a serious investment in their education, training, and skills. If certification is important to you, consider these additional points when selecting a consultant:
- Where was the certification completed?
- How reputable is the company that provided the certification?
- How recent is the certification?
- Has the certification been maintained?
Certification from an organization such as DRI International, a well-known provider of BCDR training, reflects that the consultant has worked to achieve a higher level of knowledge and expertise in their field.
Results
Unlike other types of business investments, business continuity isn’t always measured in ROI. However, when put to the test, good planning can save businesses a lot of money. In the most severe cases, it can literally save the business itself.
When speaking to possible consultants, ask for use cases that demonstrate real-world scenarios in which their guidance has led to measurable results, such as:
- Cost savings
- Reduced risk
- Faster recovery
- Minimized impact from a disaster
A skilled consultant should be able to provide details of the specific benefits that organizations have gained during their partnership.
Finding the Right Business Continuity Consultant
Even with a clear set of evaluation criteria, selecting a business continuity consultant may ultimately come down to a subjective decision. Over the duration of your relationship, the consultant will need to get to know your operations, your people, and your processes. Interactions with the consultant, either during initial conversations or in the midst of team meetings, usually reflect whether they understand you, your team, and your business focus.
Choosing a consultant can be stressful, particularly if you’re not sure exactly what you need. The team at Invenio IT has a deep understanding of BCDR planning and can help you determine what type of consultant would be most appropriate. Contact the business continuity experts at Invenio IT for guidance and support as you search for the best business continuity consultant for your business.